Fortinet white logo
Fortinet white logo

Architecture

Architecture

FortiWeb-VM is deployed in the following environments:

  • VMware ESXi (see illustration)
  • Microsoft Hyper-V
  • OpenStack cloud computing platform
  • KVM
  • Citrix XenServer
  • Docker
  • Open Xen
FortiWeb-VM network topology

FortiWeb can be deployed in a one-arm topology, but is more commonly positioned inline to intercept all incoming clients’ connections and redistribute them to your servers. FortiWeb has TCP- and HTTP-specific firewalling capability. Because it is not designed to provide security to non-HTTP applications, it should be deployed behind a firewall such as FortiGate that focuses on security for other protocols that can be forwarded to your back-end servers, such as FTP and SSH.

Once the virtual appliance is deployed, you can configure FortiWeb-VM via its web UI and CLI, from a web browser and terminal emulator on your management computer.

FortiWeb-VM requires Internet connectivity.

  • DNS lookup — UDP 53
  • FortiGuard licensing — TCP 443

Architecture

Architecture

FortiWeb-VM is deployed in the following environments:

  • VMware ESXi (see illustration)
  • Microsoft Hyper-V
  • OpenStack cloud computing platform
  • KVM
  • Citrix XenServer
  • Docker
  • Open Xen
FortiWeb-VM network topology

FortiWeb can be deployed in a one-arm topology, but is more commonly positioned inline to intercept all incoming clients’ connections and redistribute them to your servers. FortiWeb has TCP- and HTTP-specific firewalling capability. Because it is not designed to provide security to non-HTTP applications, it should be deployed behind a firewall such as FortiGate that focuses on security for other protocols that can be forwarded to your back-end servers, such as FTP and SSH.

Once the virtual appliance is deployed, you can configure FortiWeb-VM via its web UI and CLI, from a web browser and terminal emulator on your management computer.

FortiWeb-VM requires Internet connectivity.

  • DNS lookup — UDP 53
  • FortiGuard licensing — TCP 443